Vulnerabilities > Qnap

DATE CVE VULNERABILITY TITLE RISK
2017-11-22 CVE-2017-13071 Command Injection vulnerability in Qnap Video Station 5.1.3/5.2.0
QNAP has already patched this vulnerability.
network
low complexity
qnap CWE-77
critical
 9.8
9.8
2017-10-06 CVE-2017-13069 Command Injection vulnerability in Qnap Music Station
QNAP discovered a number of command injection vulnerabilities found in Music Station versions 4.8.6 (for QTS 4.2.x), 5.0.7 (for QTS 4.3.x), and earlier.
network
low complexity
qnap CWE-77
critical
 9.8
9.8
2017-10-06 CVE-2017-13068 SQL Injection vulnerability in Qnap QTS Helpdesk 1.1.12
QNAP has already patched this vulnerability.
network
low complexity
qnap CWE-89
7.5
7.5
2017-09-19 CVE-2017-10700 Improper Input Validation vulnerability in Qnap QTS 4.3.3.0229
In the medialibrary component in QNAP NAS 4.3.3.0229, an un-authenticated, remote attacker can execute arbitrary system commands as the root user of the NAS application.
network
low complexity
qnap CWE-20
critical
 9.8
9.8
2017-09-14 CVE-2017-13067 Unspecified vulnerability in Qnap QTS
QNAP has patched a remote code execution vulnerability affecting the QTS Media Library in all versions prior to QTS 4.2.6 build 20170905 and QTS 4.3.3.0299 build 20170901.
network
low complexity
qnap
critical
 9.8
9.8
2017-08-18 CVE-2017-12582 Missing Authorization vulnerability in Qnap Ts-212P Firmware 4.2.1
Unprivileged user can access all functions in the Surveillance Station component in QNAP TS212P devices with firmware 4.2.1 build 20160601.
network
low complexity
qnap CWE-862
critical
 9.8
9.8
2017-06-15 CVE-2017-7629 Weak Password Recovery Mechanism for Forgotten Password vulnerability in Qnap QTS
QNAP QTS before 4.2.6 build 20170517 has a flaw in the change password function.
network
low complexity
qnap CWE-640
7.5
7.5
2017-03-23 CVE-2017-6361 OS Command Injection vulnerability in Qnap QTS
QNAP QTS before 4.2.4 Build 20170313 allows attackers to execute arbitrary commands via unspecified vectors.
network
low complexity
qnap CWE-78
critical
 9.8
9.8
2017-03-23 CVE-2017-6360 OS Command Injection vulnerability in Qnap QTS
QNAP QTS before 4.2.4 Build 20170313 allows attackers to gain administrator privileges and obtain sensitive information via unspecified vectors.
network
low complexity
qnap CWE-78
critical
 9.8
9.8
2017-03-23 CVE-2017-6359 OS Command Injection vulnerability in Qnap QTS
QNAP QTS before 4.2.4 Build 20170313 allows attackers to gain administrator privileges and execute arbitrary commands via unspecified vectors.
network
low complexity
qnap CWE-78
critical
 9.8
9.8